Changes according to PR review comments
This commit is contained in:
Родитель
f49da62e5b
Коммит
fb1a2ecb70
|
@ -419,11 +419,15 @@ pdo_error PDO_ERRORS[] = {
|
|||
},
|
||||
{
|
||||
SQLSRV_ERROR_AKV_NAME_MISSING,
|
||||
{ IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -87, false }
|
||||
{ IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -87, false }
|
||||
},
|
||||
{
|
||||
SQLSRV_ERROR_AKV_SECRET_MISSING,
|
||||
{ IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -88, false }
|
||||
{ IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -88, false }
|
||||
},
|
||||
{
|
||||
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
|
||||
{ IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -89, false}
|
||||
},
|
||||
{ UINT_MAX, {} }
|
||||
};
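Review bot: The message for the new SQLSRV_ERROR_KEYSTORE_INVALID_VALUE entry says "Invalid value for loading Azure Key Vault.", yet the only condition on this page that raises it is the empty-string check (`value_len <= 0`) in ce_akv_str_set_func::func, so a user who passes an empty keyword gets a message that does not say what was wrong. Consider `"The value for the Azure Key Vault keyword is empty."`, or keep the generic text only if other code paths not shown here also raise this code. The same entry with code -114 appears in the SS_ERRORS table in the later hunk (`@ -410,11 +410,15 @@ ss_error SS_ERRORS[] = {`) and should be kept in step with whatever wording is chosen. It is good that neither the renamed messages nor the new one echo the supplied username, client Id or secret back into the error text.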
|
||||
|
|
|
@ -945,15 +945,15 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
|
|||
if ( ! conn->ce_option.enabled || ! conn->ce_option.akv_required )
|
||||
return;
|
||||
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL || Z_STRLEN_P(conn->ce_option.akv_auth) <= 0, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_auth == NULL, conn, SQLSRV_ERROR_AKV_AUTH_MISSING) {
|
||||
throw core::CoreException();
|
||||
}
|
||||
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL || Z_STRLEN_P(conn->ce_option.akv_id) <= 0, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_id == NULL, conn, SQLSRV_ERROR_AKV_NAME_MISSING) {
|
||||
throw core::CoreException();
|
||||
}
|
||||
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL || Z_STRLEN_P(conn->ce_option.akv_secret) <= 0, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
|
||||
CHECK_CUSTOM_ERROR( conn->ce_option.akv_secret == NULL, conn, SQLSRV_ERROR_AKV_SECRET_MISSING) {
|
||||
throw core::CoreException();
|
||||
}
|
||||
|
||||
|
@ -962,16 +962,8 @@ void load_azure_key_vault( _Inout_ sqlsrv_conn* conn TSRMLS_DC )
|
|||
char *akv_secret = Z_STRVAL_P( conn->ce_option.akv_secret );
|
||||
unsigned int id_len = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_id ));
|
||||
unsigned int key_size = static_cast<unsigned int>( Z_STRLEN_P( conn->ce_option.akv_secret ));
|
||||
|
||||
if ( !stricmp(akv_auth, "KeyVaultPassword") )
|
||||
{
|
||||
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_PASSWORD, 0 );
|
||||
}
|
||||
else if ( !stricmp(akv_auth, "KeyVaultClientSecret") )
|
||||
{
|
||||
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, AKVCFG_AUTHMODE_CLIENTKEY, 0 );
|
||||
}
|
||||
|
||||
|
||||
configure_azure_key_vault( conn, AKV_CONFIG_FLAGS, conn->ce_option.akv_mode, 0 );
|
||||
configure_azure_key_vault( conn, AKV_CONFIG_PRINCIPALID, akv_id, id_len );
|
||||
configure_azure_key_vault( conn, AKV_CONFIG_AUTHSECRET, akv_secret, key_size );
|
||||
}
|
||||
|
@ -1078,6 +1070,12 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
|
|||
{
|
||||
SQLSRV_ASSERT( Z_TYPE_P( value ) == IS_STRING, "Azure Key Vault keywords accept only strings." );
|
||||
|
||||
size_t value_len = Z_STRLEN_P( value );
|
||||
|
||||
CHECK_CUSTOM_ERROR( value_len <= 0, conn, SQLSRV_ERROR_KEYSTORE_INVALID_VALUE ) {
|
||||
throw core::CoreException();
|
||||
}
|
||||
|
||||
switch( option->conn_option_key )
|
||||
{
|
||||
case SQLSRV_CONN_OPTION_KEYSTORE_AUTHENTICATION:
|
||||
|
@ -1088,6 +1086,7 @@ void ce_akv_str_set_func::func( _In_ connection_option const* option, _In_ zval*
|
|||
throw core::CoreException();
|
||||
}
|
||||
conn->ce_option.akv_auth = value;
|
||||
conn->ce_option.akv_mode = stricmp( value_str, "KeyVaultPassword" ) ? AKVCFG_AUTHMODE_CLIENTKEY : AKVCFG_AUTHMODE_PASSWORD;
|
||||
conn->ce_option.akv_required = true;
|
||||
break;
|
||||
}
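Review bot: `CHECK_CUSTOM_ERROR( value_len <= 0, conn, SQLSRV_ERROR_KEYSTORE_INVALID_VALUE )` in ce_akv_str_set_func::func compares a `size_t` with `<= 0`; since the type is unsigned this is just `value_len == 0`, and writing it that way states the intent (an empty keyword value) without inviting a sign-comparison warning. That empty check is also what the simpler `== NULL` guards in load_azure_key_vault depend on when they read `Z_STRVAL_P`/`Z_STRLEN_P` of akv_id and akv_secret a few lines later, assuming the `== NULL`-only form is the new side of that hunk; a one-line comment above those guards, `// empty values are rejected when the keyword is set (ce_akv_str_set_func::func), so non-NULL means non-empty`, records the invariant so neither check is dropped independently. The `akv_mode = stricmp( value_str, "KeyVaultPassword" ) ? AKVCFG_AUTHMODE_CLIENTKEY : AKVCFG_AUTHMODE_PASSWORD` assignment maps any string other than KeyVaultPassword to the client-key mode, which is only correct because the validation that throws just above the hunk has already limited the value to the two accepted keywords; a short comment there, `// value already validated above: anything but KeyVaultPassword is KeyVaultClientSecret`, would make that dependency visible. Both functions start outside their hunks.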
|
||||
|
|
|
@ -1055,6 +1055,7 @@ struct stmt_option;
|
|||
// This holds the various details of column encryption.
|
||||
struct col_encryption_option {
|
||||
bool enabled; // column encryption enabled, false by default
|
||||
SQLINTEGER akv_mode;
|
||||
zval_auto_ptr akv_auth;
|
||||
zval_auto_ptr akv_id;
|
||||
zval_auto_ptr akv_secret;
|
||||
|
@ -1717,6 +1718,7 @@ enum SQLSRV_ERROR_CODES {
|
|||
SQLSRV_ERROR_AKV_AUTH_MISSING,
|
||||
SQLSRV_ERROR_AKV_NAME_MISSING,
|
||||
SQLSRV_ERROR_AKV_SECRET_MISSING,
|
||||
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
|
||||
SQLSRV_ERROR_ENCRYPTED_STREAM_FETCH,
|
||||
|
||||
// Driver specific error codes starts from here.
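Review bot: The new `SQLINTEGER akv_mode;` member of col_encryption_option has no comment, unlike its neighbour `enabled`, and nothing in the hunk shows how it is initialised before ce_akv_str_set_func::func assigns it. Suggest `SQLINTEGER akv_mode; // AKVCFG_AUTHMODE_PASSWORD or AKVCFG_AUTHMODE_CLIENTKEY, set from the KeyStoreAuthentication keyword; only meaningful when akv_required is true`. If the struct is zero-initialised elsewhere, please confirm that 0 is not silently a valid AKVCFG mode, since load_azure_key_vault now passes this value straight to configure_azure_key_vault. The struct definition continues outside the hunk.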
|
||||
|
|
|
@ -410,11 +410,15 @@ ss_error SS_ERRORS[] = {
|
|||
},
|
||||
{
|
||||
SQLSRV_ERROR_AKV_NAME_MISSING,
|
||||
{ IMSSP, (SQLCHAR*) "ID for Azure Key Vault is missing. A username or client Id is required.", -112, false }
|
||||
{ IMSSP, (SQLCHAR*) "The username or client Id for Azure Key Vault is missing.", -112, false }
|
||||
},
|
||||
{
|
||||
SQLSRV_ERROR_AKV_SECRET_MISSING,
|
||||
{ IMSSP, (SQLCHAR*) "Secret for Azure Key Vault is missing. A password or client secret is required.", -113, false }
|
||||
{ IMSSP, (SQLCHAR*) "The password or client secret for Azure Key Vault is missing.", -113, false }
|
||||
},
|
||||
{
|
||||
SQLSRV_ERROR_KEYSTORE_INVALID_VALUE,
|
||||
{ IMSSP, (SQLCHAR*) "Invalid value for loading Azure Key Vault.", -114, false}
|
||||
},
|
||||
|
||||
// terminate the list of errors/warnings
|
||||
|
|
|
@ -45,10 +45,10 @@ $keystore = "none"; // key store provider, acceptable values are none, w
|
|||
$dataEncrypted = false; // whether data is to be encrypted
|
||||
|
||||
// for Azure Key Vault
|
||||
$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret
|
||||
$principalName = 'name'; // for use with KeyVaultPassword
|
||||
$AKVPassword = 'password'; // for use with KeyVaultPassword
|
||||
$clientID = 'clientid'; // for use with KeyVaultClientSecret
|
||||
$AKVSecret = 'secret'; // for use with KeyVaultClientSecret
|
||||
$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH'; // can be KeyVaultPassword or KeyVaultClientSecret
|
||||
$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME'; // for use with KeyVaultPassword
|
||||
$AKVPassword = 'TARGET_AKV_PASSWORD'; // for use with KeyVaultPassword
|
||||
$AKVClientID = 'TARGET_AKV_CLIENT_ID'; // for use with KeyVaultClientSecret
|
||||
$AKVSecret = 'TARGET_AKV_CLIENT_SECRET'; // for use with KeyVaultClientSecret
|
||||
|
||||
?>
|
|
@ -45,10 +45,10 @@ $keystore = "none"; // key store provider, acceptable values are none, w
|
|||
$dataEncrypted = false; // whether data is to be encrypted
|
||||
|
||||
// for Azure Key Vault
|
||||
$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret
|
||||
$principalName = 'name'; // for use with KeyVaultPassword
|
||||
$AKVPassword = 'password'; // for use with KeyVaultPassword
|
||||
$clientID = 'clientid'; // for use with KeyVaultClientSecret
|
||||
$AKVSecret = 'secret'; // for use with KeyVaultClientSecret
|
||||
$AKVKeyStoreAuthentication = 'TARGET_AKV_AUTH'; // can be KeyVaultPassword or KeyVaultClientSecret
|
||||
$AKVPrincipalName = 'TARGET_AKV_PRINCIPAL_NAME'; // for use with KeyVaultPassword
|
||||
$AKVPassword = 'TARGET_AKV_PASSWORD'; // for use with KeyVaultPassword
|
||||
$AKVClientID = 'TARGET_AKV_CLIENT_ID'; // for use with KeyVaultClientSecret
|
||||
$AKVSecret = 'TARGET_AKV_CLIENT_SECRET'; // for use with KeyVaultClientSecret
|
||||
|
||||
?>
|
||||
|
|